src - OpenBSD base system

diff options


context:
space:
mode:

author	Philipp Buehler <pb@cvs.openbsd.org>	2004-04-28 02:43:10 +0000
committer	Philipp Buehler <pb@cvs.openbsd.org>	2004-04-28 02:43:10 +0000
commit	fbc3da186093d0f377959cbb178704df3df7fbbf (patch)
tree	b125686ba91f29f28d0cc7ea1252db065034584e
parent	0109542fc439ac9a11f415a835810794b4c3aeb2 (diff)

Dont step into INET6 code, just because af != AF_INET

Also comment #endif properly while being here ok mcbride@

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

5 files changed, 101 insertions, 44 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 3a249514656..c1e9320b0a9 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf.c,v 1.443 2004/04/27 18:28:07 frantzen Exp $ */

+/* $OpenBSD: pf.c,v 1.444 2004/04/28 02:43:08 pb Exp $ */

@@ -479,7 +479,7 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)

break;

}

-#endif

+#endif /* INET6 */

struct pf_state *

pf_find_state_byid(struct pf_state *key)

@@ -1308,7 +1308,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,

m_tag_prepend(m, mtag);

}

-#endif

+#endif /* ALTQ */

m->m_data += max_linkhdr;

m->m_pkthdr.len = m->m_len = len;

m->m_pkthdr.rcvif = NULL;

@@ -1423,7 +1423,7 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,

m_tag_prepend(m0, mtag);

}

-#endif

+#endif /* ALTQ */

switch (af) {

#ifdef INET

@@ -1768,20 +1768,27 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,

if (rpool->cur->addr.type == PF_ADDR_NOROUTE)

return (1);

if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {

- if (af == AF_INET) {

+ switch (af) {

+#ifdef INET

+ case AF_INET:

if (rpool->cur->addr.p.dyn->pfid_acnt4 < 1 &&

(rpool->opts & PF_POOL_TYPEMASK) !=

PF_POOL_ROUNDROBIN)

return (1);

raddr = &rpool->cur->addr.p.dyn->pfid_addr4;

rmask = &rpool->cur->addr.p.dyn->pfid_mask4;

- } else {

+ break;

+#endif /* INET */

+#ifdef INET6

+ case AF_INET6:

if (rpool->cur->addr.p.dyn->pfid_acnt6 < 1 &&

(rpool->opts & PF_POOL_TYPEMASK) !=

PF_POOL_ROUNDROBIN)

return (1);

raddr = &rpool->cur->addr.p.dyn->pfid_addr6;

rmask = &rpool->cur->addr.p.dyn->pfid_mask6;

+ break;

+#endif /* INET6 */

}

} else if (rpool->cur->addr.type == PF_ADDR_TABLE) {

if ((rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_ROUNDROBIN)

@@ -2098,7 +2105,9 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

switch (direction) {

case PF_OUT:

if (r->rpool.cur->addr.type == PF_ADDR_DYNIFTL){

- if (pd->af == AF_INET) {

+ switch (pd->af) {

+#ifdef INET

+ case AF_INET:

if (r->rpool.cur->addr.p.dyn->

pfid_acnt4 < 1)

return (NULL);

@@ -2108,7 +2117,10 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

&r->rpool.cur->addr.p.dyn->

pfid_mask4,

saddr, AF_INET);

- } else {

+ break;

+#endif /* INET */

+#ifdef INET6

+ case AF_INET6:

if (r->rpool.cur->addr.p.dyn->

pfid_acnt6 < 1)

return (NULL);

@@ -2118,6 +2130,8 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

&r->rpool.cur->addr.p.dyn->

pfid_mask6,

saddr, AF_INET6);

+ break;

+#endif /* INET6 */

}

} else

PF_POOLMASK(naddr,

@@ -2127,7 +2141,9 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

break;

case PF_IN:

if (r->rpool.cur->addr.type == PF_ADDR_DYNIFTL){

- if (pd->af == AF_INET) {

+ switch (pd->af) {

+#ifdef INET

+ case AF_INET:

if (r->src.addr.p.dyn->

pfid_acnt4 < 1)

return (NULL);

@@ -2137,7 +2153,10 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

&r->src.addr.p.dyn->

pfid_mask4,

daddr, AF_INET);

- } else {

+ break;

+#endif /* INET */

+#ifdef INET6

+ case AF_INET6:

if (r->src.addr.p.dyn->

pfid_acnt6 < 1)

return (NULL);

@@ -2147,6 +2166,8 @@ pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,

&r->src.addr.p.dyn->

pfid_mask6,

daddr, AF_INET6);

+ break;

+#endif /* INET6 */

}

} else

PF_POOLMASK(naddr,

@@ -2222,6 +2243,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, struct pf_pdesc *pd)

daddr = pd->src;

}

switch (pd->af) {

+#ifdef INET

case AF_INET:

inp = in_pcbhashlookup(tb, saddr->v4, sport, daddr->v4, dport);

if (inp == NULL) {

@@ -2230,6 +2252,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, struct pf_pdesc *pd)

return (0);

}

break;

+#endif /* INET */

#ifdef INET6

case AF_INET6:

inp = in6_pcbhashlookup(tb, &saddr->v6, sport, &daddr->v6,

@@ -5184,6 +5207,7 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p,

if (m->m_pkthdr.len < off + len)

return (1);

switch (af) {

+#ifdef INET

case AF_INET:

if (p == IPPROTO_ICMP) {

if (m->m_len < off)

@@ -5199,6 +5223,7 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p,

sum = in4_cksum(m, p, off, len);

}

break;

+#endif /* INET */

#ifdef INET6

case AF_INET6:

if (m->m_len < sizeof(struct ip6_hdr))

@@ -5272,7 +5297,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)

#ifdef DIAGNOSTIC

if ((m->m_flags & M_PKTHDR) == 0)

panic("non-M_PKTHDR is passed to pf_test");

-#endif

+#endif /* DIAGNOSTIC */

memset(&pd, 0, sizeof(pd));

if (m->m_pkthdr.len < (int)sizeof(*h)) {

@@ -5341,7 +5366,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5375,7 +5400,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5403,7 +5428,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5418,7 +5443,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5456,7 +5481,7 @@ done:

m_tag_prepend(m, mtag);

}

-#endif

+#endif /* ALTQ */

* connections redirected to loopback should not match sockets

@@ -5577,7 +5602,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)

#ifdef DIAGNOSTIC

if ((m->m_flags & M_PKTHDR) == 0)

panic("non-M_PKTHDR is passed to pf_test");

-#endif

+#endif /* DIAGNOSTIC */

memset(&pd, 0, sizeof(pd));

if (m->m_pkthdr.len < (int)sizeof(*h)) {

@@ -5668,7 +5693,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5702,7 +5727,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5731,7 +5756,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5746,7 +5771,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)

if (action == PF_PASS) {

#if NPFSYNC

pfsync_update_state(s);

-#endif

+#endif /* NPFSYNC */

r = s->rule.ptr;

a = s->anchor.ptr;

log = s->log;

@@ -5777,7 +5802,7 @@ done:

m_tag_prepend(m, mtag);

}

-#endif

+#endif /* ALTQ */

if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP ||

pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&

diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c
index cdc6e36962f..77c5f06b6cd 100644
--- a/sys/net/pf_if.c
+++ b/sys/net/pf_if.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_if.c,v 1.11 2004/03/15 11:38:23 cedric Exp $ */

+/* $OpenBSD: pf_if.c,v 1.12 2004/04/28 02:43:09 pb Exp $ */

@@ -430,14 +430,14 @@ pfi_instance_add(struct ifnet *ifp, int net, int flags)

}

if (af == AF_INET)

got4 = 1;

- else

+ else if (af == AF_INET6)

got6 = 1;

net2 = net;

if (net2 == 128 && (flags & PFI_AFLAG_NETWORK)) {

if (af == AF_INET) {

net2 = pfi_unmask(&((struct sockaddr_in *)

ia->ifa_netmask)->sin_addr);

- } else {

+ } else if (af == AF_INET6) {

net2 = pfi_unmask(&((struct sockaddr_in6 *)

ia->ifa_netmask)->sin6_addr);

}

@@ -816,7 +816,9 @@ pfi_dohooks(struct pfi_kif *p)

int

pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)

{

- if (af == AF_INET) {

+ switch (af) {

+#ifdef INET

+ case AF_INET:

switch (dyn->pfid_acnt4) {

case 0:

return (0);

@@ -826,7 +828,10 @@ pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)

default:

return (pfr_match_addr(dyn->pfid_kt, a, AF_INET));

}

- } else {

+ break;

+#endif /* INET */

+#ifdef INET6

+ case AF_INET6:

switch (dyn->pfid_acnt6) {

case 0:

return (0);

@@ -836,5 +841,9 @@ pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)

default:

return (pfr_match_addr(dyn->pfid_kt, a, AF_INET6));

}

+ break;

+#endif /* INET6 */

+ default:

+ return (0);

}

diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index dad8d232430..b95568764d0 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_ioctl.c,v 1.116 2004/04/27 02:56:20 kjc Exp $ */

+/* $OpenBSD: pf_ioctl.c,v 1.117 2004/04/28 02:43:09 pb Exp $ */

@@ -1303,7 +1303,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)

} else

newrule->pqid = newrule->qid;

}

-#endif

+#endif /* ALTQ */

if (newrule->tagname[0])

if ((newrule->tag =

pf_tagname2tag(newrule->tagname)) == 0)

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 2fc6049b166..fd306c6d978 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_norm.c,v 1.83 2004/04/27 18:28:07 frantzen Exp $ */

+/* $OpenBSD: pf_norm.c,v 1.84 2004/04/28 02:43:09 pb Exp $ */

@@ -1192,7 +1192,7 @@ pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif,

PFLOG_PACKET(kif, h, m, AF_INET6, dir, *reason, r, NULL, NULL);

return (PF_DROP);

}

-#endif

+#endif /* INET6 */

int

pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff,

diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index a6c303c4dbf..e894df50207 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_table.c,v 1.49 2004/04/25 02:48:03 itojun Exp $ */

+/* $OpenBSD: pf_table.c,v 1.50 2004/04/28 02:43:09 pb Exp $ */

@@ -666,14 +666,18 @@ pfr_validate_addr(struct pfr_addr *ad)

int i;

switch (ad->pfra_af) {

+#ifdef INET

case AF_INET:

if (ad->pfra_net > 32)

return (-1);

break;

+#endif /* INET */

+#ifdef INET6

case AF_INET6:

if (ad->pfra_net > 128)

return (-1);

break;

+#endif /* INET6 */

default:

return (-1);

}

@@ -736,7 +740,7 @@ pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr *ad, int exact)

if (ad->pfra_af == AF_INET) {

FILLIN_SIN(sa.sin, ad->pfra_ip4addr);

head = kt->pfrkt_ip4;

- } else {

+ } else if ( ad->pfra_af == AF_INET6 ) {

FILLIN_SIN6(sa.sin6, ad->pfra_ip6addr);

head = kt->pfrkt_ip6;

}

@@ -769,7 +773,7 @@ pfr_create_kentry(struct pfr_addr *ad)

if (ad->pfra_af == AF_INET)

FILLIN_SIN(ke->pfrke_sa.sin, ad->pfra_ip4addr);

- else

+ else if (ad->pfra_af == AF_INET6)

FILLIN_SIN6(ke->pfrke_sa.sin6, ad->pfra_ip6addr);

ke->pfrke_af = ad->pfra_af;

ke->pfrke_net = ad->pfra_net;

@@ -881,7 +885,7 @@ pfr_prepare_network(union sockaddr_union *sa, int af, int net)

sa->sin.sin_len = sizeof(sa->sin);

sa->sin.sin_family = AF_INET;

sa->sin.sin_addr.s_addr = htonl(-1 << (32-net));

- } else {

+ } else if (af == AF_INET6) {

sa->sin6.sin6_len = sizeof(sa->sin6);

sa->sin6.sin6_family = AF_INET6;

for (i = 0; i < 4; i++) {

@@ -907,7 +911,7 @@ pfr_route_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)

bzero(ke->pfrke_node, sizeof(ke->pfrke_node));

if (ke->pfrke_af == AF_INET)

head = kt->pfrkt_ip4;

- else

+ else if (ke->pfrke_af == AF_INET6)

head = kt->pfrkt_ip6;

s = splsoftnet();

@@ -931,7 +935,7 @@ pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)

if (ke->pfrke_af == AF_INET)

head = kt->pfrkt_ip4;

- else

+ else if (ke->pfrke_af == AF_INET6)

head = kt->pfrkt_ip6;

s = splsoftnet();

@@ -960,7 +964,7 @@ pfr_copyout_addr(struct pfr_addr *ad, struct pfr_kentry *ke)

ad->pfra_not = ke->pfrke_not;

if (ad->pfra_af == AF_INET)

ad->pfra_ip4addr = ke->pfrke_sa.sin.sin_addr;

- else

+ else if (ad->pfra_af == AF_INET6)

ad->pfra_ip6addr = ke->pfrke_sa.sin6.sin6_addr;

}

@@ -1029,7 +1033,7 @@ pfr_walktree(struct radix_node *rn, void *arg)

&ke->pfrke_sa, AF_INET);

w->pfrw_dyn->pfid_mask4 = *SUNION2PF(

&pfr_mask, AF_INET);

- } else {

+ } else if (ke->pfrke_af == AF_INET6){

if (w->pfrw_dyn->pfid_acnt6++ > 0)

break;

pfr_prepare_network(&pfr_mask, AF_INET6, ke->pfrke_net);

@@ -1884,18 +1888,22 @@ pfr_match_addr(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af)

return (0);

switch (af) {

+#ifdef INET

case AF_INET:

pfr_sin.sin_addr.s_addr = a->addr32[0];

ke = (struct pfr_kentry *)rn_match(&pfr_sin, kt->pfrkt_ip4);

if (ke && KENTRY_RNF_ROOT(ke))

ke = NULL;

break;

+#endif /* INET */

+#ifdef INET6

case AF_INET6:

bcopy(a, &pfr_sin6.sin6_addr, sizeof(pfr_sin6.sin6_addr));

ke = (struct pfr_kentry *)rn_match(&pfr_sin6, kt->pfrkt_ip6);

if (ke && KENTRY_RNF_ROOT(ke))

ke = NULL;

break;

+#endif /* INET6 */

}

match = (ke && !ke->pfrke_not);

if (match)

@@ -1917,18 +1925,24 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af,

return;

switch (af) {

+#ifdef INET

case AF_INET:

pfr_sin.sin_addr.s_addr = a->addr32[0];

ke = (struct pfr_kentry *)rn_match(&pfr_sin, kt->pfrkt_ip4);

if (ke && KENTRY_RNF_ROOT(ke))

ke = NULL;

break;

+#endif /* INET */

+#ifdef INET6

case AF_INET6:

bcopy(a, &pfr_sin6.sin6_addr, sizeof(pfr_sin6.sin6_addr));

ke = (struct pfr_kentry *)rn_match(&pfr_sin6, kt->pfrkt_ip6);

if (ke && KENTRY_RNF_ROOT(ke))

ke = NULL;

break;

+#endif /* INET6 */

+ default:

+ return (0);

}

if ((ke == NULL || ke->pfrke_not) != notrule) {

if (op_pass != PFR_OP_PASS)

@@ -2001,8 +2015,10 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,

union sockaddr_union mask;

int idx = -1, use_counter = 0;

- addr = (af == AF_INET) ? (struct pf_addr *)&pfr_sin.sin_addr :

- (struct pf_addr *)&pfr_sin6.sin6_addr;

+ if (af == AF_INET)

+ addr = (struct pf_addr *)&pfr_sin.sin_addr;

+ else if (af == AF_INET6)

+ addr = (struct pf_addr *)&pfr_sin6.sin6_addr;

if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)

kt = kt->pfrkt_root;

if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))

@@ -2045,9 +2061,12 @@ _next_block:

}

for (;;) {

/* we don't want to use a nested block */

- ke2 = (struct pfr_kentry *)(af == AF_INET ?

- rn_match(&pfr_sin, kt->pfrkt_ip4) :

- rn_match(&pfr_sin6, kt->pfrkt_ip6));

+ if (af == AF_INET)

+ ke2 = (struct pfr_kentry *)rn_match(&pfr_sin,

+ kt->pfrkt_ip4);

+ else if (af == AF_INET6)

+ ke2 = (struct pfr_kentry *)rn_match(&pfr_sin6,

+ kt->pfrkt_ip6);

/* no need to check KENTRY_RNF_ROOT() here */

if (ke2 == ke) {

/* lookup return the same block - perfect */

@@ -2080,12 +2099,16 @@ pfr_kentry_byidx(struct pfr_ktable *kt, int idx, int af)

w.pfrw_cnt = idx;

switch (af) {

+#ifdef INET

case AF_INET:

rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);

return (w.pfrw_kentry);

+#endif /* INET */

+#ifdef INET6

case AF_INET6:

rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w);

return (w.pfrw_kentry);

+#endif /* INET6 */

default:

return (NULL);

}